CVE-2025-32853

TeleControl Server Basic (versions before 3.1.2.2) is vulnerable to SQL injection via the internal UnlockDatabaseSettings method. An authenticated remote attacker who can access port 8000 can bypass authorization, read/write the application database, and execute code with NT AUTHORITY\NetworkServ...

CVE-2025-32852

Siemens TeleControl Server Basic versions before V3.1.2.2 are susceptible to SQL injection via the internal LockDatabaseSettings path, potentially allowing an authenticated attacker to bypass authorization, read/write the database, and execute code with NT AUTHORITY\NetworkService privileges. Exp...

CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fro...

CVE-2025-32852

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read fro...

CVE-2025-32851

CVE-2025-32851 affects Siemens TeleControl Server Basic prior to 3.1.2.2. The vulnerability is an SQL injection in the internal method UnlockTcmSettings, enabling an authenticated remote attacker to bypass authorization, read/write the application’s database, and execute code with NT AUTHORITY\Ne...

CVE-2025-32850

Siemens TeleControl Server Basic is affected by a SQL injection in the internal LockTcmSettings method prior to version 3.1.2.2. The vulnerability can allow an authenticated remote attacker to bypass authorization, read/write the application database, and execute code with NT AUTHORITY\NetworkSer...

CVE-2025-32850

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockTcmSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32849

TeleControl Server Basic (All versions

CVE-2025-32848

CVE-2025-32848 affects Siemens TeleControl Server Basic (versions before 3.1.2.2). The vulnerability is an SQL injection in the internally used LockSmtpSettings method, allowing an authenticated remote attacker to bypass authorization, read/write the application DB, and execute code with NT AUTHO...

CVE-2025-32846

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGeneralSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...

CVE-2025-32845

CVE-2025-32845 concerns Siemens TeleControl Server Basic. The vulnerability is an SQL injection in the internal UpdateGeneralSettings method of all versions earlier than 3.1.2.2. An authenticated remote attacker who can reach port 8000 could bypass authorization, read/write the application’s data...

CVE-2025-32844

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and writ...

CVE-2025-32843

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockUser' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write ...

CVE-2025-32842

TeleControl Server Basic (all versions

CVE-2025-32842

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetUsers' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and write ...

CVE-2025-32841

CVE-2025-32841 concerns Siemens TeleControl Server Basic (all versions

CVE-2025-32841

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32840

CVE-2025-32840 affects Siemens TeleControl Server Basic (versions

CVE-2025-32840

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'LockGateway' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...

CVE-2025-32839

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'GetGateways' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and wri...